CERT-In ordered 12-hour patching for critical internet-facing flaws as AI-driven attacks accelerate cyber exploitation.

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.

Microsoft released fixes for SharePoint remote code execution vulnerability CVE-2026-45659 with a CVSS score of 8.8.

MFA prompt bombing enabled Cisco attackers to steal 2.8GB in 2022, exposing push MFA weaknesses and account takeover risks.

Nimbus Manticore used AI-assisted MiniFast malware in 2026 campaigns, expanding espionage through SEO poisoning and phishing.

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ...

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.

Anthropic uncovered 10,000 vulnerabilities through Project Glasswing, driving urgent patching efforts and stronger cyber ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.